The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.
Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?
Let’s hear it!
It’s not feasible. A project can have 10s or 100s of thousand lines of code and it takes months to really understand what’s going on. Sometimes you need domain specific knowledge.
I read through those installers that do a
curl gitbub... | bash. Otherwise I do what amounts to a “vibe check”. How many forks and stars does it have? How many contributors? What is the release cycle like?